(self, data, signature, algorithm=PKCS1v15_SHA1)
| 427 | raise UnsupportedAlgorithm(f"Unsupported algorithm: {algorithm}") |
| 428 | |
| 429 | def verify(self, data, signature, algorithm=PKCS1v15_SHA1): |
| 430 | _padding = self.parse_padding_for_signing(algorithm) |
| 431 | _hash = self.parse_hash(algorithm) |
| 432 | if SHA1 in algorithm and fips_enabled(): |
| 433 | # Verification with a SHA1-based algorithm is not allowed in FIPS |
| 434 | # mode. Return False rather than raise -- matches cryptography's |
| 435 | # historical "silent False" contract for unsupported algorithms. |
| 436 | return False |
| 437 | try: |
| 438 | self.key.verify( |
| 439 | salt.utils.stringutils.to_bytes(signature), |
| 440 | salt.utils.stringutils.to_bytes(data), |
| 441 | _padding(), |
| 442 | _hash(), |
| 443 | ) |
| 444 | except cryptography.exceptions.InvalidSignature: |
| 445 | return False |
| 446 | except cryptography.exceptions.UnsupportedAlgorithm: |
| 447 | return False |
| 448 | return True |
| 449 | |
| 450 | def decrypt(self, data): |
| 451 | pem = self.key.public_bytes( |
no test coverage detected